US20230082185A1 - Automation of workloads involving applications employing multi-factor authentication - Google Patents
Automation of workloads involving applications employing multi-factor authentication Download PDFInfo
- Publication number
- US20230082185A1 US20230082185A1 US17/988,660 US202217988660A US2023082185A1 US 20230082185 A1 US20230082185 A1 US 20230082185A1 US 202217988660 A US202217988660 A US 202217988660A US 2023082185 A1 US2023082185 A1 US 2023082185A1
- Authority
- US
- United States
- Prior art keywords
- user
- credential
- application
- bot
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A robotic process automation (RPA) system provides bots that interact with and provide user credentials to applications, such as for multi-factor authentication (MFA). First user credentials associated with MFA are retrieved by the bots from credential storage. Second user credentials that correspond to questions posed to a user of an application are retrieved from credential storage. Second user credentials that correspond to a one-time password are generated by the RPA system. The second user credentials may also be generated by a third-party authentication service that provides the credentials via a secondary channel such as email or SMS, which are then retrieved for presentation to the application.
Description
- This application is a continuation of U.S. patent application Ser. No. 16/779,117, filed Jan. 31, 2020, and entitled “AUTOMATION OF WORKLOADS INVOLVING APPLICATIONS EMPLOYING MULTI-FACTOR AUTHENTICATION,” the content of which is hereby incorporated by reference.
- This disclosure relates generally to the field of data processing systems and more particularly to robotic process automation systems.
- Robotic process automation (RPA) is the application of technology that allows workers in an organization to configure computer software, known as a “robot” to capture and interpret existing applications for processing a transaction, manipulating data, triggering responses and communicating with other digital systems. The software robots in conventional RPA systems employ the software robots to interpret the user interface of third-party applications and to execute steps identically to a human user. For example, many tasks within organizations require individuals to perform the same repetitive tasks, such as entering data from invoices into an enterprise accounts payable application or entering data from a loan application into a loan processing system. RPA permits the automation of such application level repetitive tasks via software robots that are coded to repeatedly and accurately perform the repetitive task.
- When automating human tasks to use applications secured by multi-factor authentication (MFA), automation tools require additional factors other than a login identification and a password for login. There are different methods of MFA. While the form of the additional required factor varies, all MFA techniques require that the additional factor involve a credential or configuration to be first exchanged between the user and the application, and then be used based on the protocol defined by the selected MFA method. This requirement has typically restricted automation from being employed with applications employing MFA.
- A robotic process automation (RPA) system provides bots that interact with and provide user credentials to applications, such as for multi-factor authentication (MFA). A first user credential associated with MFA is retrieved from credential storage. A second user credential that corresponds to questions posed to a user of an application is retrieved from credential storage. A second user credential that corresponds to a one-time password is generated by the RPA system from a security key stored in the credential storage. The second user credential may also be generated by a third party authentication service and is retrieved by the bot via a secondary channel such as email where the bot employs the user credential to access an email account associated with the user to retrieve the second user credential. The secondary channel may be an SMS message where the user has configured their mobile device with an application that recognizes the SMS message and provides the code in the SMS message to the RPA system which then provides the code to the bot.
- These and additional aspects related to the invention will be set forth in part in the description which follows, and in part will be apparent to those skilled in the art from the description or may be learned by practice of the invention. Aspects of the invention may be realized and attained by means of the elements and combinations of various elements and aspects particularly pointed out in the following detailed description and the appended claims.
- It is to be understood that both the foregoing and the following descriptions are exemplary and explanatory only and are not intended to limit the claimed invention or application thereof in any manner whatsoever.
- The accompanying drawings, which are incorporated in and constitute a part of this specification exemplify the embodiments of the present invention and, together with the description, serve to explain and illustrate principles of the inventive techniques disclosed herein. Specifically:
-
FIG. 1 is a high-level block diagram of an embodiment of an RPA system with multi-factor authentication support. -
FIG. 2 is a flowchart illustrating operation of an embodiment of multi-factor authentication. -
FIG. 3 is a flow diagram illustrating operation of second factor authentication. -
FIG. 4 illustrates a block diagram of hardware that may be employed in an implementation of the RPA systems disclosed herein. - In the following detailed description, reference will be made to the accompanying drawings, in which identical functional elements are designated with like numerals. Elements designated with reference numbers ending in a suffix such as .1, .2, .3 are referred to collectively by employing the main reference number without the suffix. For example, 100 refers to topics 100.1, 100.2, 100.3 generally and collectively. The aforementioned accompanying drawings show by way of illustration, and not by way of limitation, specific embodiments and implementations consistent with principles of the present invention. These implementations are described in sufficient detail to enable those skilled in the art to practice the invention and it is to be understood that other implementations may be utilized and that structural changes and/or substitutions of various elements may be made without departing from the scope and spirit of present invention. The following detailed description is, therefore, not to be construed in a limited sense.
- In
FIG. 1 , auser 101 interacts via adevice 102 with anapplication 103, which may take a form such as a desktop-based application or a web-based application. A locallystored application 103 executes directly ondevice 102, which may take a form such as a personal computer, tablet, or other computing device. A web-basedapplication 103 executes partially or entirely on a remote device and interacts withuser 101 via a conventional browser. Theapplication 103 may employ Multi-Factor Authentication (MFA) to increase information security. - MFA is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. The secondary (or tertiary) factors may fall into any one of three categories. First there is knowledge (something the user and only the user knows). An example of this is posing a question to the user, the answer to which only the user is likely to know. Second, is possession—something the user and only the user has. An example of this is a Time Based One-Time Password (TOTP) which is provided only to the user and which is valid for a brief period of time. The difference from knowledge is that the value sent to application is not the credential itself, but something generated from the credential. Third, is interaction where the secondary credential to be sent to an application is provided from the application via a communication method which only the user can access. An example of this is a One-Time Password (OTP) sent to a user via email.
- In
FIG. 1 , a roboticprocess automation system 10 is also shown. TheRPA system 10 includes data storage, seen generally at 136 which stores a plurality of sets oftask processing instructions 134. Each set oftask processing instructions 134 implements a software robot, also referred to as a bot (seen asBot 1,Bot 2, . . . , Bot n) which is operable to interact at a user level with one or more designated user level application programs, such asapplication 103. As used herein, the term “bot” is generally synonymous with the term software robot. In certain contexts, as will be apparent to those skilled in the art in view of the present disclosure, the term “bot runner” refers to a device (virtual or physical), having the necessary software capability, on which a bot will execute or is executing, such as for example adevice 102 loaded with and executing abot 134. Thedata storage 136 also stores a plurality ofwork items 132, where eachwork item 132 is stored for subsequent processing by executing a corresponding set of task processing instructions 134 (also referred to as a bot which implements each set of task processing instructions). A Control Room, seen generally at 130, is operatively coupled to thedata storage 136 and is configured to execute instructions that when executed cause theRPA system 10 to respond to a request from aclient device 102 that is issued by auser 101 to act as a server to provide to theclient device 102 the capability to perform an automation task to process a work item from the plurality ofwork items 132. Theuser 101 interacts with theControl Room 130 to schedule automation tasks to be performed on one ormore devices 102 as if theuser 101 were manually interacting with the necessary application program(s) and the operating system of thedevices 102 to perform the tasks directly. TheControl Room 130 in conjunction withcredential vault 144 holds all software application license and user information. TheControl Room 130 also tracks all bots that have been deployed and knows the status of all deployed bots. - Each
client device 102 may take a variety of forms such as a physical machine, for example, a desktop computer, laptop computer or tablet. Eachclient device 102 may also be a virtual device such as provided by conventional virtualization software which permits multiple operating system sessions to be run on a single computer. Eachclient device 102 may have applications loaded thereon on local storage. - Some or all of the
bots 134 may in certain embodiments be located remotely from theControl Room 130. Moreover, any of thedevices 102 may also be located remotely from theControl Room 130. Thebots 134 and thetasks 132 are shown in separate containers for purposes of illustration but they may be stored in separate or the same device(s), or across multiple devices. TheControl Room 130 performs user management functions, source control of thebots 134, along with providing a dashboard that provides analytics and results of thebots 134, performs license management of software required by thebots 134 and manages overall execution and management of scripts, clients, roles, credentials, and security etc. The major functions performed by theControl Room 130 include: (i) a dashboard that provides a summary of registered/active users, tasks status, repository details, number of clients connected, number of scripts passed or failed recently, tasks that are scheduled to be executed and those that are in progress; (ii) user/role management—permits creation of different roles, such as bot creator, bot runner, admin, and custom roles, and activation, deactivation and modification of roles; (iii) repository management—to manage all scripts, tasks, workflows and reports etc.; (iv) operations management—permits checking status of tasks in progress and history of all tasks, and permits the administrator to stop/start execution of bots currently executing; (v) audit trail—logs creation of all actions performed in the Control Room; (vi) task scheduler—permits scheduling tasks which need to be executed on different clients at any particular time; (vii) credential management—permits password management; and (viii) security: management—permits rights management for all user roles. TheControl Room 130 is shown generally for simplicity of explanation. Multiple instances of theControl Room 130 may be employed where large numbers of bots are deployed to provide for scalability of theRPA system 10. - The centralized credential vault (CV) 144 operates to securely store all credentials and provision them to bots on an on-demand basis. In one embodiment, the
CV 144 implements National Institute of Standards and Technology (NIST) security and privacy controls IA-2 to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). Since sensitive credentials need not be stored in bots or on bot runner systems, theCV 144 facilitates a logical separation of credentials from the bots.CV 144 variables are created fromControl Room 130 and are instantly available to all the bot creators and bot runners registered with therespective Control Room 130. TheCV 144 adds flexibility and dynamic character to bots since only the credential references are present in the bots and not the credentials. When bots are moved from one environment to another environment, absolutely no change is needed in bots. Bots can seamlessly pick up the credential values applicable for the new environment from theControl Room 130 of that environment. Additionally, theControl Room 130 automatically stores configuration related sensitive data into theCV 144 by default. Additional details of thecredential vault 144 are described in pending U.S. patent application Ser. No. 15/957,917 entitled “ROBOTIC PROCESS AUTOMATION SYSTEM AND METHOD WITH SECURE CREDENTIAL VAULT” which is assigned to the assignee of the present application and which is hereby incorporated by reference in its entirety. - The disclosed embodiments permit the
system 10 to deploybots 134 that interact with applications, such asapplication 103, that employ MFA, to permit tasks employing MFA enabled applications to be automated withbots 134. Without theRPA system 10 disclosed herein, use of applications that employ MFA cannot be automated, or auser 101 needs to disable MFA on the target application, which leads to lower security. - Operation of the MFA feature of the
system 10 is described with reference toFIGS. 1 and 2 . To permit automation of anapplication 103 that employs MFA, the MFA feature is enabled 140 on the application 103 (202) and theuser 101 has provided their credential information (204) to theapplication 103. The credential information will include theuser 101's primary credentials, such as the login ID and password. Theuser 101 also interacts with theRPA system 10 to store their credentials (206) associated withapplication 101 to thecredential vault 144 viaControl Room 130. Abot 134 is developed (208) to interact with theapplication 103 and the MFA feature of theapplication 103. The MFA Factor Provider 142 may be a commercially available service that theapplication 103 is configured to interact with. The MFA Factor Provider 142 may provide to the application 103 a secondary (and tertiary etc.) authentication requirement, by way of token 146 which is fulfilled by auser 101 or abot 134 acting on behalf of auser 101. For example, the MFA Factor Provider 142 may be of a type as provided by identity and access management services such as, for example, Microsoft Azure or Okta. The MFA Factor Provider 142 may require any one of a number of secondary authentications, as configured via theapplication 103, such as an answer to one or more questions previously provided by theuser 101. Secondly, the MFA Factor provider 142 may be configured to require a one-time password. Thirdly, the MFA Factor provider 142 may be configured to require a security code provided by the MFA Factor Provider 142 to the user via a secondary channel such as to a user email account or an SMS message provided to a user'smobile device 150. - Subsequently, when the
bot 134 that has been coded to respond to a request for MFA, such asBot 1 executing onDevice 1, thebot 134 operates with the credentials of a user, such asuser 101, to perform operations with theuser 101's credentials as if the user were performing the operations which thebot 134 has been coded to perform. Thebot 134 responds to a request by theapplication 103 for a first set of credentials corresponding to those of user 101 (210), such as a username and password. Thebot 134, which has been provided with RPA system credentials ofuser 101 employs the RPA system credentials ofuser 101 to access credential vault 144 (212) foruser 101's first set of credentials corresponding toapplication 103 to provide such credentials to application 103 (216) which are then validated by validatemodule 141 ofapplication 103. In some embodiments the foregoing described request for the user's first set of credentials may be generated by the MFA Factor Provider 142 which the application may then provide to thebot 134. Once the application has received a first set of credentials corresponding to the expected credentials foruser 101, the MFA Factor Provider 142 will generate a request for second credentials foruser 101 in connection withapplication 103 toapplication 103. This request will be provided byapplication 103 to bot 134 (218) which will then provide the second credentials foruser 101 in accordance with the second credentials specified forapplication 103 byuser 101. - The second credentials for
user 101 forapplication 103 may be one of several types, four of which are shown inFIG. 3 . The second credentials foruser 101 forapplication 103 may be one or more questions generated by MFA Factor Provider 142 (302). Thebot 134 will be encoded to recognize such second credentials and will retrieve the answers from credential vault 144 (303) and provide such second credentials to the application 103 (304). The second credentials foruser 101 forapplication 103 may be a One-Time Password (OTP) which in one embodiment is generated by thecontrol room 130 which retrieves a key stored in the credential vault 144 (306) and generates the OTP with the retrieved key (308). In another embodiment, the OTP is generated by the requestingbot 134 which retrieves the key stored in the credential vault 144 (306) and generates the OTP with the retrieved key (308). Thecontrol room 130 and/or thebot 134 is programmed to generate a Time-based OTP (TOTP) using a TOTP Security Key stored in the credential vault. In one embodiment this is based on an algorithm defined in RFC6238 by the Internet Engineering Task Force, which may be found at tools.ietf.org. In this case, the TOTP Security Key (usually 16 length alphabetic characters. e.g. “EGDBYDSIFLBYEKLQ”) is the credential information stored in thecredential vault 144, and the secondary credential provided to thebot 134 to be sent to theapplication 103 would be a TOTP code (usually 6 digits, e.g. “385934”). - The second credentials may be a code generated by the MFA Factor Provider 142 and provided to an account or device associated with the
user 101 such as by way of an email message to an email account of the user 101 (310) or by way of an SMS message provided to amobile device 150 of the user 101 (314). If the second factor authentication is a code sent via email by the MFA Factor Provider 142 to anemail account 151 provided byuser 101, thebot 134, which receives the request viaapplication 103, connects to theuser 101's email mailbox and retrieves the one-time password sent from the MFA Factor Provider 142 (311) and provides the retrieved password to the application 103 (312). If the code is provided by the MFA Factor Provider 142 to the user'smobile device 150 via SMS, then anapplication 152 installed underuser 101's permission to themobile device 150 operates to recognize the received SMS by monitoring received SMS messages on the device 150 (315). Theapplication 152 is one embodiment is provided by theRPA system 10, instead of by a third-party, to ensure security of the user's environment on thedevice 150 and other devices and applications with which thedevice 150 interacts. Theapplication 152 provides the received OTP or code to the control room 130 (316) which provides it to the bot 134 (317) which then proceeds to provide the received OTP or code to the application 103 (318) to satisfy the second factor generated by the MFA Factor Provider 142. -
FIG. 4 illustrates a block diagram of hardware that may be employed in an implementation of the RPA system as disclosed herein.FIG. 4 depicts a generalized example of a suitable general-purpose computing system 400 in which the described innovations may be implemented in order to improve the processing speed and efficiency with which thecomputing system 400 operates to perform the functions disclosed herein. With reference toFIG. 4 thecomputing system 400 includes one ormore processing units memory processing units tangible memory FIG. 4 may be standard hardware components, or alternatively, some embodiments may employ specialized hardware components to further increase the operating efficiency and speed with which the system 100 operates. The various components ofcomputing system 400 may be rearranged in various embodiments, and some embodiments may not require nor include all of the above components, while other embodiments may include additional components, such as specialized processors and additional memory. -
Computing system 400 may have additional features such as for example,storage 410, one ormore input devices 414, one ormore output devices 412, and one ormore communication connections 416. An interconnection mechanism (not shown) such as a bus, controller, or network interconnects the components of thecomputing system 400. Typically, operating system software (not shown) provides an operating system for other software executing in thecomputing system 400, and coordinates activities of the components of thecomputing system 400. - The
tangible storage 410 may be removable or non-removable, and includes magnetic disks, magnetic tapes or cassettes, CD-ROMs, DVDs, or any other medium which can be used to store information in a non-transitory way, and which can be accessed within thecomputing system 400. Thestorage 410 stores instructions for the software implementing one or more innovations described herein. - The input device(s) 414 may be a touch input device such as a keyboard, mouse, pen, or trackball, a voice input device, a scanning device, or another device that provides input to the
computing system 400. For video encoding, the input device(s) 414 may be a camera, video card, TV tuner card, or similar device that accepts video input in analog or digital form, or a CD-ROM or CD-RW that reads video samples into thecomputing system 400. The output device(s) 412 may be a display, printer, speaker, CD-writer, or another device that provides output from thecomputing system 400. - The communication connection(s) 416 enable communication over a communication medium to another computing entity. The communication medium conveys information such as computer-executable instructions, audio or video input or output, or other data in a modulated data signal. A modulated data signal is a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media can use an electrical, optical, RF, or other carrier.
- The terms “system” and “computing device” are used interchangeably herein. Unless the context clearly indicates otherwise, neither term implies any limitation on a type of computing system or computing device. In general, a computing system or computing device can be local or distributed and can include any combination of special-purpose hardware and/or general-purpose hardware with software implementing the functionality described herein.
- While the invention has been described in connection with a preferred embodiment, it is not intended to limit the scope of the invention to the particular form set forth, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents as may be within the spirit and scope of the invention as defined by the appended claims.
Claims (24)
1. A computer-implemented method for executing automation tasks, the method comprising:
storing a first user credential, for accessing a first application, to a credential storage, the first user credential corresponding to an initial credential required for a multi-factor authentication protocol implemented by the first application for a user to access the first application;
storing, for a robotic process automation system via at least one network, a bot that is configured to perform one or more programmed tasks, at least one or more of the programmed tasks including accessing the first application using the first user credential and a second user credential, and including interacting with the first application on behalf of the user;
deploying the bot to a client computing device via the at least one network, wherein the bot is configured to operate on the client computing device and initiate interaction with the first application;
receiving, from the bot operating on the client computing device, a first request for the first user credential;
responding to the first request from the bot by retrieving the first user credential from the credential storage and providing the first user credential to the bot;
subsequently receiving, from the bot operating on the client computing device, a second request for the second user credential; and
responding to the second request from the bot by obtaining the second user credential from the credential storage or a third party service, and providing the second user credential to the bot.
2. The computer-implemented method of claim 1 wherein the responding to the second request from the bot comprises retrieving the second user credential from the credential storage.
3. The computer-implemented method of claim 1 wherein the responding to the second request from the bot comprises generating a time-based one-time password from a key stored in the credential storage, wherein the time-based one-time password corresponds to the second user credential.
4. The computer-implemented method of claim 1 wherein the responding to the second request from the bot comprises retrieving the second user credential from a second application which has received the second user credential from the third party service.
5. The computer-implemented method of claim 4 wherein the method further comprises:
providing the second user credential to a mobile device associated with the first user wherein the second application executes on the mobile device to receive the second user credential from the third party service.
6. The computer-implemented method of claim 1 wherein the second user credential comprises an answer to a question posed by the first application.
7. The computer-implemented method of claim 1 wherein the responding to the second request from the bot comprises obtaining a time-based one-time code, wherein the time-based one-time password corresponds to the second user credential.
8. The computer-implemented method of claim 1 wherein the responding to the second request from the bot comprises obtaining the second user credential from the third party service.
9. The computer-implemented method of claim 8 wherein the third party service is an access management service.
10. A robotic process automation system, comprising:
data storage for storing at least:
a set of task processing instructions operable to interact at a user level with one or more user level applications, wherein the set of task processing instructions is encoded to interact with a multi-factor authentication provider; and
credentials, wherein at least some of the credentials are used to satisfy multi-factor authentication protocols required by the one or more user level applications;
a server processor operatively coupled to the data storage and configured to execute instructions that when executed cause the server processor to at least:
respond to a request to deploy the set of task processing instructions by deploying the set of task processing instructions;
respond to a first request from the set of task processing instructions operating on the client computing device to provide a first credential associated with a user to enable the set of task processing instructions to login to a first application, by retrieving from the data storage the first credential associated with the user that corresponds to the first application and providing the first credential to the set of task processing instructions; and
after responding to the first request, respond to a second request from the set of task processing instructions operating on the client computing device to provide a second credential associated with the user to enable the set of task processing instructions to login to the first application, by retrieving the second credential associated with the user that correspond to the first application and providing the second credential to the set of task processing instructions.
11. The robotic process automation system of claim 10 wherein the server processor responds to a second request by retrieving the second credential associated with the user that corresponds to the first application from the data storage and providing the second credential associated with the user to the set of task processing instructions.
12. The robotic process automation system of claim 10 wherein the server processor responds to a second request by retrieving the second credential from a second application which has received the second credential from a third party application and providing the second credential associated with the user to the set of task processing instructions.
13. The robotic process automation system of claim 12 wherein the server processor provides the second application to a mobile device associated with the user wherein the second application executes on the mobile device associated with the user to receive the second credential from the third party application.
14. The robotic process automation system of claim 12 wherein the retrieving the second credential from a second application comprises:
retrieving a user credential from the data storage;
accessing the second application with the user credential; and
retrieving the second user credential from the second application.
15. The robotic process automation system of claim 14 wherein the second application comprises an e-mail application.
16. The robotic process automation system of claim 14 wherein the second user credential comprises an answer to a question posed by the first application.
17. A tangible storage medium, having stored thereupon one or more program modules comprising computer-executable instructions for execution on a computer system, the computer-executable instructions causing the computer system to:
operate a bot on a client computing device;
access, via the bot, a first application on behalf of a user, the first application configured to operate on the client computing device;
receive, from the bot operating on the client computing device, a first request from the first application for a first user credential of the user;
respond to the first request from the first application for a first user credential of the user by requesting the first user credential of the user that corresponds to the first application to be provided from a credential storage that securely stores user credentials for a plurality of users, and then providing the first user credential to the first application;
subsequently receive, from the bot operating on the client computing device, a second request from the first application for a second user credential; and
respond to second request from the first application for a second user credential of the user by requesting the second user credential of the user to be provided, and then providing the second user credential to the first application.
18. The tangible storage medium of claim 17 wherein the second user credential is acquired by a second application, and then provided to the first application.
19. The tangible storage medium of claim 17 wherein the first user credential and the second user credential together provide multi-factor authentication of the user to the first application.
20. The tangible storage medium of claim 17 wherein the second credential corresponds to a one-time password.
21. The tangible storage medium of claim 14 wherein the second user credential is acquired by a multi-factor authentication provider.
22. The tangible storage medium of claim 21 wherein the second credential corresponds to a code transmitted via email by the multi-factor authentication provider to an email account associated with the first user, wherein the second application corresponds to an email application that operates the email account associated with the first user.
23. The tangible storage medium of claim 21 wherein the second credential corresponds to a code transmitted via SMS by the multi-factor authentication provider to a mobile device associated with the first user, wherein the second application corresponds to a listener application executing on the mobile device associated with the user that recognizes an SMS message from the multi-factor authentication provider and extracts the second credential from the SMS message.
24. The tangible storage medium of claim 21 wherein the multi-factor authentication provider is a network-based access management service provider.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/988,660 US20230082185A1 (en) | 2020-01-31 | 2022-11-16 | Automation of workloads involving applications employing multi-factor authentication |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/779,117 US11514154B1 (en) | 2020-01-31 | 2020-01-31 | Automation of workloads involving applications employing multi-factor authentication |
US17/988,660 US20230082185A1 (en) | 2020-01-31 | 2022-11-16 | Automation of workloads involving applications employing multi-factor authentication |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/779,117 Continuation US11514154B1 (en) | 2020-01-31 | 2020-01-31 | Automation of workloads involving applications employing multi-factor authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
US20230082185A1 true US20230082185A1 (en) | 2023-03-16 |
Family
ID=84230941
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/779,117 Active 2040-10-21 US11514154B1 (en) | 2020-01-31 | 2020-01-31 | Automation of workloads involving applications employing multi-factor authentication |
US17/988,660 Pending US20230082185A1 (en) | 2020-01-31 | 2022-11-16 | Automation of workloads involving applications employing multi-factor authentication |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/779,117 Active 2040-10-21 US11514154B1 (en) | 2020-01-31 | 2020-01-31 | Automation of workloads involving applications employing multi-factor authentication |
Country Status (1)
Country | Link |
---|---|
US (2) | US11514154B1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2603757B (en) * | 2021-02-04 | 2023-07-19 | Machine Two Ltd | Multi-factor authentication system and method |
US11940905B2 (en) * | 2021-09-15 | 2024-03-26 | UiPath, Inc. | System and computer-implemented method for testing an application using an automation bot |
Family Cites Families (106)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5983001A (en) | 1995-08-30 | 1999-11-09 | Sun Microsystems, Inc. | Method and system for facilitating the automatic creation of test scripts |
US8079086B1 (en) | 1997-11-06 | 2011-12-13 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US5949999A (en) | 1996-11-25 | 1999-09-07 | Siemens Corporate Research, Inc. | Software testing and requirements tracking |
US5933139A (en) | 1997-01-31 | 1999-08-03 | Microsoft Corporation | Method and apparatus for creating help functions |
US6496979B1 (en) | 1997-10-24 | 2002-12-17 | Microsoft Corporation | System and method for managing application installation for a mobile device |
US6427234B1 (en) | 1998-06-11 | 2002-07-30 | University Of Washington | System and method for performing selective dynamic compilation using run-time information |
GB2341462B (en) | 1998-09-12 | 2003-06-11 | Ibm | Method for deployment of incremental versions of applications |
US6957186B1 (en) | 1999-05-27 | 2005-10-18 | Accenture Llp | System method and article of manufacture for building, managing, and supporting various components of a system |
US6473794B1 (en) | 1999-05-27 | 2002-10-29 | Accenture Llp | System for establishing plan to test components of web based framework by displaying pictorial representation and conveying indicia coded components of existing network framework |
US7181438B1 (en) | 1999-07-21 | 2007-02-20 | Alberti Anemometer, Llc | Database access system |
US6704873B1 (en) | 1999-07-30 | 2004-03-09 | Accenture Llp | Secure gateway interconnection in an e-commerce based environment |
US6640244B1 (en) | 1999-08-31 | 2003-10-28 | Accenture Llp | Request batcher in a transaction services patterns environment |
WO2002025438A1 (en) | 2000-09-22 | 2002-03-28 | Patchlink.Com Corporation | Non-invasive automatic offsite patch fingerprinting and updating system and method |
US6954747B1 (en) | 2000-11-14 | 2005-10-11 | Microsoft Corporation | Methods for comparing versions of a program |
US7441007B1 (en) | 2001-07-30 | 2008-10-21 | At&T Intellectual Property I, L.P. | System and method for allowing applications to retrieve properties and configuration information from a persistent store |
US6928637B2 (en) | 2001-08-10 | 2005-08-09 | Wind River Systems, Inc. | Version control adapter interface to support integration of multiple vendors integrated development environments (IDEs) |
US7188163B2 (en) | 2001-11-26 | 2007-03-06 | Sun Microsystems, Inc. | Dynamic reconfiguration of applications on a server |
US20080027769A1 (en) | 2002-09-09 | 2008-01-31 | Jeff Scott Eder | Knowledge based performance management system |
US7055067B2 (en) | 2002-02-21 | 2006-05-30 | Siemens Medical Solutions Health Services Corporation | System for creating, storing, and using customizable software test procedures |
US6898764B2 (en) | 2002-04-29 | 2005-05-24 | International Business Machines Corporation | Method, system and program product for determining differences between an existing graphical user interface (GUI) mapping file and a current GUI |
JP2005530250A (en) | 2002-06-12 | 2005-10-06 | ジェナ ジョーダル, | Data storage, retrieval, operation, and display tools that realize a multi-level perspective |
US6788241B2 (en) | 2002-09-25 | 2004-09-07 | Universal Electronics Inc. | System and method for using keystroke data to configure a remote control device |
WO2004038546A2 (en) | 2002-10-21 | 2004-05-06 | Bitfone Corporation | System with required enhancements to syncml dm environment to support firmware updates |
US20040172526A1 (en) | 2003-02-27 | 2004-09-02 | Tann Johnathan P. | Universal loader for portable electronic devices |
US7846023B2 (en) | 2003-03-27 | 2010-12-07 | Microsoft Corporation | Application-centric user interface techniques |
US7555657B2 (en) | 2003-03-28 | 2009-06-30 | Ricoh Company, Ltd. | Communication device, software update device, software update system, software update method, and program |
US7805710B2 (en) | 2003-07-15 | 2010-09-28 | International Business Machines Corporation | Shared code caching for program code conversion |
US20070112574A1 (en) | 2003-08-05 | 2007-05-17 | Greene William S | System and method for use of mobile policy agents and local services, within a geographically distributed service grid, to provide greater security via local intelligence and life-cycle management for RFlD tagged items |
EP1673702A4 (en) | 2003-09-11 | 2008-11-05 | Ipx Inc | System for software source code comparison |
US7379600B2 (en) | 2004-01-28 | 2008-05-27 | Microsoft Corporation | Method and system for automatically determining differences in a user interface throughout a development cycle |
US7398469B2 (en) | 2004-03-12 | 2008-07-08 | United Parcel Of America, Inc. | Automated test system for testing an application running in a windows-based environment and related methods |
US7810070B2 (en) | 2004-03-29 | 2010-10-05 | Sas Institute Inc. | System and method for software testing |
US7765525B1 (en) | 2004-09-01 | 2010-07-27 | Intuit Inc. | Operations manager infrastructure for dynamically updating software operational policy |
US7590972B2 (en) | 2004-10-28 | 2009-09-15 | Cogency Software, Inc. | Role-oriented development environment |
US20060150188A1 (en) | 2004-12-21 | 2006-07-06 | Manuel Roman | Method and apparatus for supporting soft real-time behavior |
US7590623B2 (en) | 2005-01-06 | 2009-09-15 | International Business Machines Corporation | Automated management of software images for efficient resource node building within a grid environment |
US7805317B2 (en) | 2005-03-03 | 2010-09-28 | Navteq North America, Llc | Method of organizing map data for affinity relationships and application for use thereof |
CA2577244A1 (en) | 2005-04-18 | 2006-10-26 | Research In Motion Limited | Method and system for controlling software version updates |
WO2006132564A1 (en) | 2005-06-10 | 2006-12-14 | Intel Corporation | A cognitive control framework for automatic control of application programs exposing a graphical user interface |
US9104294B2 (en) | 2005-10-27 | 2015-08-11 | Apple Inc. | Linked widgets |
US8544058B2 (en) | 2005-12-29 | 2013-09-24 | Nextlabs, Inc. | Techniques of transforming policies to enforce control in an information management system |
WO2007137145A2 (en) | 2006-05-17 | 2007-11-29 | Newsilike Media Group, Inc | Certificate-based search |
US7533096B2 (en) | 2006-07-12 | 2009-05-12 | International Business Machines Corporation | Computer-based method for finding similar objects using a taxonomy |
CN101114229A (en) | 2006-07-25 | 2008-01-30 | 国际商业机器公司 | System and method for auxiliary installation software |
US8056092B2 (en) | 2006-09-29 | 2011-11-08 | Clearspring Technologies, Inc. | Method and apparatus for widget-container hosting and generation |
US8195826B2 (en) | 2006-11-10 | 2012-06-05 | Bally Gaming, Inc. | UDP broadcast for user interface in a download and configuration gaming method |
WO2008082441A1 (en) | 2006-12-29 | 2008-07-10 | Prodea Systems, Inc. | Display inserts, overlays, and graphical user interfaces for multimedia systems |
US20080209392A1 (en) | 2007-02-26 | 2008-08-28 | Able Steve L | Systems and Methods for Definition and Execution of Batch Processing Services |
US7958495B2 (en) | 2007-03-08 | 2011-06-07 | Systemware, Inc. | Program test system |
US8028269B2 (en) | 2007-03-09 | 2011-09-27 | International Business Machines Corporation | Compliance management method and system |
US8095910B2 (en) | 2007-04-10 | 2012-01-10 | Microsoft Corporation | Interruptible client-side scripts |
US20080263024A1 (en) | 2007-04-20 | 2008-10-23 | Agere Systems, Inc. | Electronic device with a ranking of applications based on location and method of using the same |
US8214068B2 (en) | 2007-05-04 | 2012-07-03 | Schneider Electric Automation Gmbh | Collaborative automation system and method for the control thereof |
US8209738B2 (en) | 2007-05-31 | 2012-06-26 | The Board Of Trustees Of The University Of Illinois | Analysis of distributed policy rule-sets for compliance with global policy |
US8132156B2 (en) | 2007-06-14 | 2012-03-06 | Red Hat, Inc. | Methods and systems for testing tool with comparative testing |
US9167070B2 (en) | 2007-07-31 | 2015-10-20 | Qualcomm Incorporated | Widget discovery in computing devices |
DE502007006736D1 (en) | 2007-10-16 | 2011-04-28 | Siemens Ag | Method for automatically modifying a program |
US8364973B2 (en) | 2007-12-31 | 2013-01-29 | Intel Corporation | Dynamic generation of integrity manifest for run-time verification of software program |
US20090199160A1 (en) | 2008-01-31 | 2009-08-06 | Yahoo! Inc. | Centralized system for analyzing software performance metrics |
US8185917B2 (en) | 2008-02-27 | 2012-05-22 | Accenture Global Services Limited | Graphical user interface application comparator |
US8924933B2 (en) | 2008-03-25 | 2014-12-30 | Barclays Capital Inc. | Method and system for automated testing of computer applications |
US8234622B2 (en) | 2008-03-31 | 2012-07-31 | Microsoft Corporation | Cross platform compositional widgets |
EP2310941A1 (en) | 2008-06-02 | 2011-04-20 | Awox | Method and device for updating a computer application |
US9098635B2 (en) | 2008-06-20 | 2015-08-04 | Cadence Design Systems, Inc. | Method and system for testing and analyzing user interfaces |
US8352577B2 (en) | 2008-07-22 | 2013-01-08 | Lockheed Martin Corporation | Method and apparatus for updating information on an embedded system |
US8291382B2 (en) | 2008-07-22 | 2012-10-16 | International Business Machines Corporation | Maintenance assessment management |
US20100100626A1 (en) | 2008-09-15 | 2010-04-22 | Allen Stewart O | Methods and apparatus related to inter-widget interactions managed by a client-side master |
US8315964B2 (en) | 2008-10-27 | 2012-11-20 | Microsoft Corporation | Comprehensive human computation framework |
US8943493B2 (en) | 2008-11-18 | 2015-01-27 | Red Hat, Inc. | Automation of application deployment |
US8769482B2 (en) | 2008-12-16 | 2014-07-01 | International Business Machines Corporation | Method and system for building an application |
KR101470499B1 (en) | 2008-12-30 | 2014-12-08 | 삼성전자주식회사 | Method and apparatus for producing widget in portable terminal |
US8438558B1 (en) | 2009-03-27 | 2013-05-07 | Google Inc. | System and method of updating programs and data |
US8713003B2 (en) | 2009-07-24 | 2014-04-29 | Peer Belt Inc. | System and method for ranking content and applications through human assistance |
US8352464B2 (en) | 2009-07-24 | 2013-01-08 | Peer Belt Inc. | System and method for ranking documents through human assistance |
US8874685B1 (en) | 2009-09-22 | 2014-10-28 | Threatguard, Inc. | Compliance protocol and architecture |
US9621584B1 (en) | 2009-09-30 | 2017-04-11 | Amazon Technologies, Inc. | Standards compliance for computing data |
WO2011080772A1 (en) | 2009-12-30 | 2011-07-07 | Telecom Italia S.P.A | Method and system for ranking affinity degree among functional blocks |
US9514103B2 (en) | 2010-02-05 | 2016-12-06 | Palo Alto Research Center Incorporated | Effective system and method for visual document comparison using localized two-dimensional visual fingerprints |
US9009669B2 (en) | 2010-05-07 | 2015-04-14 | Salesforce.Com, Inc. | Visual user interface validator |
US10430180B2 (en) | 2010-05-26 | 2019-10-01 | Automation Anywhere, Inc. | System and method for resilient automation upgrade |
US8504803B2 (en) | 2010-05-26 | 2013-08-06 | Tethys Solutions LLC | System and method for creating and executing portable software |
US10289959B2 (en) * | 2010-05-26 | 2019-05-14 | Automation Anywhere, Inc. | Artificial intelligence and knowledge based automation enhancement |
US9462042B2 (en) | 2010-05-26 | 2016-10-04 | Tethys Solutions LLC | System and method for enabling application discovery by automation needs |
US8631396B2 (en) | 2010-06-03 | 2014-01-14 | International Business Machines Corporation | Schema specification to improve product consumability on installation, configuration, and/or un-installation activity |
US9213625B1 (en) | 2010-07-27 | 2015-12-15 | Intuit Inc. | Method and apparatus for performing automated user-interface layout testing |
US8566744B2 (en) | 2010-08-12 | 2013-10-22 | Vmware, Inc. | Same-display comparison of content for different renditions of a single computer program |
US8498473B2 (en) | 2010-08-24 | 2013-07-30 | Compuware Corporation | System for computationally quantifying similarities between images |
US20130173648A1 (en) | 2010-10-29 | 2013-07-04 | Xiang Tan | Software Application Recognition |
US20120124062A1 (en) | 2010-11-12 | 2012-05-17 | Microsoft Corporation | Application Transfer Protocol |
US8682083B2 (en) | 2011-06-30 | 2014-03-25 | American Express Travel Related Services Company, Inc. | Method and system for webpage regression testing |
US8631458B1 (en) | 2011-09-29 | 2014-01-14 | Symantec Corporation | Method and apparatus for elastic (re)allocation of enterprise workloads on clouds while minimizing compliance costs |
US9571332B2 (en) | 2012-04-17 | 2017-02-14 | Adara Networks, Inc. | Methods and apparatuses for remote application provisioning automation over virtualized IT infrastructure |
US9201946B2 (en) | 2012-04-26 | 2015-12-01 | Quixey, Inc. | Application representation for application editions |
GB201213277D0 (en) * | 2012-07-26 | 2012-09-05 | Highgate Labs Ltd | Two device authentication mechanism |
WO2014048491A1 (en) | 2012-09-28 | 2014-04-03 | Siemens Aktiengesellschaft | Apparatus and methods for providing building automation system data updates to a web client |
US10025445B2 (en) | 2012-12-21 | 2018-07-17 | International Business Machines Corporation | Automated screen captures |
US8965905B2 (en) | 2013-01-02 | 2015-02-24 | International Business Machines Corporation | Discovering relationships between data processing environment components |
US8819241B1 (en) | 2013-03-14 | 2014-08-26 | State Farm Mutual Automobile Insurance Company | System and method for a self service portal and automation for internally hosted virtual server resources |
US9135151B2 (en) | 2013-09-18 | 2015-09-15 | Yahoo! Inc. | Automatic verification by comparing user interface images |
US10438225B1 (en) * | 2013-12-18 | 2019-10-08 | Amazon Technologies, Inc. | Game-based automated agent detection |
US9852049B2 (en) | 2014-05-27 | 2017-12-26 | International Business Machines Corporation | Screenshot validation testing |
US10857786B2 (en) * | 2017-01-19 | 2020-12-08 | Hewlett-Packard Development Company, L.P. | Fluid driver actuation control using offset |
US10643246B1 (en) * | 2017-03-29 | 2020-05-05 | Amazon Technologies, Inc. | Methods and systems for customization of user profiles |
US10437984B2 (en) * | 2017-10-26 | 2019-10-08 | Bank Of America Corporation | Authentication protocol elevation triggering system |
US10575231B2 (en) * | 2017-11-03 | 2020-02-25 | Bank Of America Corporation | System for connection channel adaption using robotic automation |
US11281936B2 (en) * | 2018-12-31 | 2022-03-22 | Kofax, Inc. | Systems and methods for identifying processes for robotic automation and building models therefor |
-
2020
- 2020-01-31 US US16/779,117 patent/US11514154B1/en active Active
-
2022
- 2022-11-16 US US17/988,660 patent/US20230082185A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
US11514154B1 (en) | 2022-11-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10911546B1 (en) | Robotic process automation with automated user login for multiple terminal server hosted user sessions | |
US20230082185A1 (en) | Automation of workloads involving applications employing multi-factor authentication | |
US20210129325A1 (en) | Productivity plugin for integration with robotic process automation | |
CN108351927B (en) | Password-free authentication for access management | |
US10157275B1 (en) | Techniques for access management based on multi-factor authentication including knowledge-based authentication | |
US10587697B2 (en) | Application-specific session authentication | |
CN108681662B (en) | Method and device for installing program | |
US11586434B2 (en) | Selecting a version of an application | |
EP3942775B1 (en) | Application integration using multiple user identities | |
US11627129B2 (en) | Method and system for contextual access control | |
JP2018533141A (en) | Access server authenticity check initiated by end user | |
CA2909282A1 (en) | System and method for mobile single sign-on integration | |
US11556362B2 (en) | Robotic process automation system with device user impersonation | |
US20210056185A1 (en) | Controlling access to computer resources | |
US20190215314A1 (en) | Second factor authorization via a hardware token device | |
US11645381B2 (en) | User configured one-time password | |
US20220286435A1 (en) | Dynamic variance mechanism for securing enterprise resources using a virtual private network | |
US10783238B2 (en) | Automating password change management | |
US11134077B2 (en) | User-controlled transaction annotation for authentication events across multiple user devices | |
EP3827362A1 (en) | Web browser incorporating social and community features | |
US11968182B2 (en) | Authentication of software robots with gateway proxy for access to cloud-based services | |
CA3113523C (en) | Systems and methods for automated digital enrollment | |
US11271738B1 (en) | Secure, reliable, and decentralized communication in cloud platform | |
KR102563756B1 (en) | Method and apparatus for mobile device management | |
US11659021B2 (en) | Asynchronous distributed modular function calling |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |